When designing and building resource endpoints, it is critical to verify the signature linked in the request headers to ensure that the request is coming from SSOfy.

Most web applications handle this in the middleware.

import { SignatureVerifier, SignatureGenerator } from "@ssofy/node-sdk";
...
const generator = new SignatureGenerator();
const validator = new SignatureVerifier(generator);

/**
 * @type {boolean}
 */
const ok = validator.verifyBase64Signature(
    url, // current route url started with http:// or https://
    params, // array combination of form and query parameters
    secret, // your SSOfy application's secret
    signature // signature in headers
);
ssofyKnowledge Base
At our core, we believe that staying up-to-date with the latest trends and advancements in Authentication and related areas is essential. That's why we take great pride in keeping you informed with the latest insights, updates, and news in this rapidly evolving landscape.


Do you need support?
SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.